ansible.builtin.gce_net (v2.9.3) — module
create/destroy GCE networks and firewall rules
Added in version 1.5 of ansible.builtin
Authors: Eric Johnson (@erjohnso) <erjohnso@google.com>, Tom Melendez (@supertom) <supertom@google.com>
preview | supported by community
Install with pip install ansible==2.9.3
This module can create and destroy Google Compute Engine networks and firewall rules U(https://cloud.google.com/compute/docs/networking). The I(name) parameter is reserved for referencing a network, while the I(fwname) parameter is used to reference firewall rules. IPv4 address ranges must be specified using the CIDR U(http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) format. Full install/configuration instructions for the gce* modules can be found in the comments of ansible/test/gce_tests.py.
# Create a 'legacy' Network
- name: Create Legacy Network
  gce_net:
    name: legacynet
    ipv4_range: '10.24.17.0/24'
    mode: legacy
    state: present

# Create an 'auto' Network
- name: Create Auto Network
  gce_net:
    name: autonet
    mode: auto
    state: present

# Create a 'custom' Network
- name: Create Custom Network
  gce_net:
    name: customnet
    mode: custom
    subnet_name: "customsubnet"
    subnet_region: us-east1
    ipv4_range: '10.240.16.0/24'
    state: "present"

# Create Firewall Rule with Source Tags
- name: Create Firewall Rule w/Source Tags
  gce_net:
    name: default
    fwname: "my-firewall-rule"
    allowed: tcp:80
    state: "present"
    src_tags: "foo,bar"

# Create Firewall Rule with Source Range
- name: Create Firewall Rule w/Source Range
  gce_net:
    name: default
    fwname: "my-firewall-rule"
    allowed: tcp:80
    state: "present"
    src_range: ['10.1.1.1/32']

# Create Custom Subnetwork
- name: Create Custom Subnetwork
  gce_net:
    name: privatenet
    mode: custom
    subnet_name: subnet_example
    subnet_region: us-central1
    ipv4_range: '10.0.0.0/16'
mode:
  choices:
    - legacy
    - auto
    - custom
  default: legacy
  description:
    - network mode for Google Cloud.
      C(legacy) indicates a network with an IP address range;
      C(auto) automatically generates subnetworks in different regions;
      C(custom) uses networks to group subnets of user specified IP address ranges
      https://cloud.google.com/compute/docs/networking#network_types
  version_added: '2.2'
  version_added_collection: ansible.builtin
name:
  description:
    - name of the network
state:
  choices:
    - active
    - present
    - absent
    - deleted
  default: present
  description:
    - desired state of the network or firewall
fwname:
  aliases:
    - fwrule
  description:
    - name of the firewall rule
allowed:
  description:
    - the protocol:ports to allow (I(tcp:80) or I(tcp:80,443) or I(tcp:80-800;udp:1-25));
      this parameter is mandatory when creating or updating a firewall rule
pem_file:
  description:
    - path to the pem file associated with the service account email.
      This option is deprecated. Use C(credentials_file).
  version_added: '1.6'
  version_added_collection: ansible.builtin
src_tags:
  default: []
  description:
    - the source instance tags for creating a firewall rule
src_range:
  aliases:
    - src_cidr
  default: []
  description:
    - the source IPv4 address range in CIDR notation
ipv4_range:
  aliases:
    - cidr
  description:
    - the IPv4 address range in CIDR notation for the network;
      this parameter is not mandatory when you specified existing network in name parameter,
      but when you create new network, this parameter is mandatory
project_id:
  description:
    - your GCE project ID
  version_added: '1.6'
  version_added_collection: ansible.builtin
subnet_desc:
  description:
    - description of subnet to create
  version_added: '2.2'
  version_added_collection: ansible.builtin
subnet_name:
  description:
    - name of subnet to create
  version_added: '2.2'
  version_added_collection: ansible.builtin
target_tags:
  default: []
  description:
    - the target instance tags for creating a firewall rule
  version_added: '1.9'
  version_added_collection: ansible.builtin
subnet_region:
  description:
    - region of subnet to create
  version_added: '2.2'
  version_added_collection: ansible.builtin
credentials_file:
  description:
    - path to the JSON file associated with the service account email
  version_added: 2.1.0
  version_added_collection: ansible.builtin
service_account_email:
  description:
    - service account email
  version_added: '1.6'
  version_added_collection: ansible.builtin
allowed:
  description: Rules (ports and protocols) specified by this firewall rule.
  returned: When specified
  sample: tcp:80;icmp
  type: str
fwname:
  description: Name of the firewall rule.
  returned: When specified
  sample: my-fwname
  type: str
ipv4_range:
  description: IPv4 range of the specified network or subnetwork.
  returned: when specified or when a subnetwork is created
  sample: 10.0.0.0/16
  type: str
name:
  description: Name of the network.
  returned: always
  sample: my-network
  type: str
src_range:
  description: IP address blocks a firewall rule applies to.
  returned: when specified
  sample:
    - 10.1.1.12/8
  type: list
src_tags:
  description: Instance Tags firewall rule applies to.
  returned: when specified while creating a firewall rule
  sample:
    - foo
    - bar
  type: list
state:
  description: State of the item operated on.
  returned: always
  sample: present
  type: str
subnet_name:
  description: Name of the subnetwork.
  returned: when specified or when a subnetwork is created
  sample: my-subnetwork
  type: str
subnet_region:
  description: Region of the specified subnet.
  returned: when specified or when a subnetwork is created
  sample: us-east1
  type: str
target_tags:
  description: Instance Tags with these tags receive traffic allowed by firewall rule.
  returned: when specified while creating a firewall rule
  sample:
    - foo
    - bar
  type: list
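
A review check for firewall tasks written for this module, as an added example (not part of the module or its documentation): it parses the allowed syntax documented above and flags wide port ranges, an open src_range, missing target_tags and the deprecated pem_file. The function names, the 100-port threshold and the two sample tasks are assumptions made for the example.

```python
import ipaddress

def parse_allowed(allowed):
    """Parse 'tcp:80-800;udp:1-25' into [(protocol, [(low, high), ...]), ...]."""
    parsed = []
    for entry in filter(None, (e.strip() for e in allowed.split(";"))):
        protocol, _, ports = entry.partition(":")
        ranges = []
        for spec in filter(None, (p.strip() for p in ports.split(","))):
            low, _, high = spec.partition("-")
            low, high = int(low), int(high or low)  # ValueError if not numeric
            if not 1 <= low <= high <= 65535:
                raise ValueError("bad port spec %r in %r" % (spec, entry))
            ranges.append((low, high))
        parsed.append((protocol.strip().lower(), ranges))  # [] = no ports given
    return parsed

def audit_firewall_task(params, max_ports=100):
    """Return review findings for one gce_net firewall task (dict of parameters)."""
    findings = []
    for protocol, ranges in parse_allowed(params.get("allowed") or ""):
        if protocol in ("tcp", "udp") and not ranges:
            findings.append("%s allowed with no port restriction" % protocol)
        for low, high in ranges:
            if high - low + 1 > max_ports:
                findings.append("%s:%d-%d opens %d ports" % (protocol, low, high, high - low + 1))
    sources = params.get("src_range") or []
    if isinstance(sources, str):
        sources = sources.split(",")
    for cidr in sources:
        if ipaddress.ip_network(cidr.strip(), strict=False).prefixlen == 0:
            findings.append("src_range %s admits any IPv4 source" % cidr.strip())
    if not sources and not params.get("src_tags"):
        findings.append("neither src_range nor src_tags restricts the source")
    if not params.get("target_tags"):
        findings.append("no target_tags: rule is not scoped to tagged instances")
    if params.get("pem_file"):
        findings.append("pem_file is deprecated; use credentials_file")
    return findings

# Constructed sample tasks (not taken from the page's examples).
BROAD = {"name": "default", "fwname": "example-broad", "allowed": "tcp:80-800;udp:1-25",
         "src_range": ["0.0.0.0/0"], "pem_file": "/path/to/key.pem"}
SCOPED = {"name": "default", "fwname": "example-scoped", "allowed": "tcp:80,443",
          "src_range": ["10.1.1.1/32"], "target_tags": ["web"]}

if __name__ == "__main__":
    for task in (BROAD, SCOPED):
        print(task["fwname"], audit_firewall_task(task) or "no findings")
```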